PDF malware analysis — malicious · b666f09ed5f74257

MALICIOUS

PDF

63.7 KB Created: 2021-06-29 23:44:45 +03:00 Authoring application: wkhtmltopdf 0.12.5 (via Qt 5.11.3) First seen: 2021-10-05

MD5: 8318d724e329466213322f4b2329e949 SHA-1: 021cad199a0a6bf15c4f24ed3be0c00208b9773e SHA-256: b666f09ed5f74257291fbe463c4fa14d7ef83d7917aad50a6537c23ca8e9ea52

64 Risk Score

Malware Insights

MITRE ATT&CK

T1566.001 Spearphishing Attachment

The file is identified as malicious by ClamAV with a specific signature indicating phishing and trojan activity. It contains an embedded URI pointing to a suspicious domain, which is a common tactic for delivering malicious content or redirecting users to phishing sites. Although no executable scripts were extracted, the PDF structure and the presence of an external URL suggest an attempt to exploit the user's trust in PDF documents for malicious purposes.

Machine Learning

Nyx PDF Classifier suspicious score 0.4837

Heuristics 3

ClamAV: Pdf.Phishing.Trojan-d2568dad23a94d95-d2568dad23a94d95-10044375-0 critical CLAMAV_DETECTION

ClamAV detected this file as malware: Pdf.Phishing.Trojan-d2568dad23a94d95-d2568dad23a94d95-10044375-0
External URI info PDF_URI

PDF contains an external URL action
Embedded URL info EMBEDDED_URL

One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.

URL https://garglob.ru/uplcv?utm_term=countries+on+black+sea PDF link annotation

Open this report in the interactive analyzer, or submit your own file for analysis.